Before answering the question, it's worth pointing out how they manage to do it in the first place. According to F-Secure, the authors of SYMBOS_YXES.B seem to have digitally signed their malware by using the Express Signing procedure, taking advantage of the lack of human inspection. Another variant of the malware was also digitally signed in February.

The missing human inspection, instead of the total reliance on mobile antivirus scanner, could have prevented the signing of the malware, since the malware authors didn't even bother to create a fake company page on the Internet in an attempt to improve their legitimacy. For instance, none of the previously used Chinese company names (XiaMen Jinlonghuatian Technology Co. Ltd., ShenZhen ChenGuangWuXian Tech. Co. Ltd. and XinZhongLi TianJin Co. Ltd.) have any public reference.

And while the mobile malware campaign is not necessarily widespread, it remains active, with the malware domain SMS-ed still online, and hosted by the U.S based Global Net Access (GNAX), which hasn't responded to abuse notifications throughout the past 30 days.